LawFlash

Senator’s Cybersecurity Letter Gets Attention from Fortune 500

September 25, 2012

CEOs of the top 500 U.S. companies receive call to action on cybersecurity protection issues from Senator Rockefeller.

On September 19, Senator John D. (Jay) Rockefeller IV, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, sent a letter to the CEOs of the top 500 U.S. businesses expressing disappointment over the U.S. Senate's recent rejection of the proposed Cybersecurity Act.[1] The act aimed to enhance the security and resiliency of the cyber and communications infrastructure of the United States.

In the letter, Senator Rockefeller requests that CEOs help him understand their companies' views on cybersecurity by answering the following eight questions:

Has your company adopted a set of best practices to address its own cybersecurity needs?

If so, how were these cybersecurity practices developed?

Were they developed by the company solely, or were they developed outside the company? If developed outside the company, please list the institution, association, or entity that developed them.

When were these cybersecurity practices developed? How frequently have they been updated? Does your company's board of directors or audit committee keep abreast of developments regarding the development and implementation of these practices?

Has the federal government played any role, whether advisory or otherwise, in the development of these cybersecurity practices?

What are your concerns, if any, with a voluntary program that enables the federal government and the private sector to develop, in coordination, best cybersecurity practices for companies to adopt as they so choose, as outlined in the Cybersecurity Act of 2012?

What are your concerns, if any, with the federal government conducting risk assessments, in coordination with the private sector, to best understand where our nation's cyber vulnerabilities are, as outlined in the Cybersecurity Act of 2012?

What are your concerns, if any, with the federal government determining, in coordination with the private sector, the country's most critical cyber infrastructure, as outlined in the Cybersecurity Act of 2012?

Senator Rockefeller's letter to the CEOs was sent after receiving a response from the Obama administration to his call for the White House to issue an executive order on cybersecurity.[2] In the opinion of Senator Rockefeller,[3] the executive order should do the following:

Begin with a comprehensive and collaborative government-private sector risk assessment to inventory the threats and vulnerabilities that pose particular risks to particular categories of critical infrastructure.

Draw on government and private sector expertise to develop dynamic and adaptable cybersecurity practices that are best suited for each critical infrastructure sector.

Implement these practices through private sector collaboration with, and assistance from, an interagency effort that includes the Departments of Defense, Commerce, and Justice, as well as other sector-specific agencies and regulators, and is led by the Department of Homeland Security.

The recipients of Senator Rockefeller's letter are in the process of considering how best to respond to the communication. The letter requests responses from the CEOs by Friday, October 19, 2012.

Contacts

A diverse group of lawyers with senior-level executive branch and government regulatory agency backgrounds forms the core of Morgan Lewis's Washington, D.C., Government Relations and Public Policy Practice, which is well positioned to advise Fortune 500 companies that have received Senator Rockefeller's letter. The practice is built around alumni from both Republican and Democratic administrations, ensuring a multidimensional perspective on all matters.

If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis professionals: